Is Cisco's Security Glass Half Full or Half Empty?

How serious about security is a vendor whose default administration mechanism still runs over a clear-text protocol like telnet?

Cisco has introduced 14 new security solutions and services. That's a hefty number of new products, even for Cisco. But what's truly newsworthy here is Cisco's emphasis on security--and that's not a surprise when you consider how well security products are selling.

Most of the new releases are actually expansions on existing products. But one item caught our eye: IOS AutoSecure, a "CLI-based feature for one-touch router lockdown." This may be a sign, albeit a small a one, that Cisco views security as more than a product. Cisco wares--outside of its security-specific product lines--have lacked this feature.

Here's the release I'm waiting for: "Cisco has announced SSH v2 support in all its routing platforms and will no longer charge customers for trying to manage devices securely." I know at least two enterprise customers who are furious that they have to pay extra to get basic SSH support in their Cisco routers and switches. Extreme? Enterasys? Juniper? They don't charge extra to manage their devices securely. But Cisco can't get SSH v2 integrated into its product line, much less support SSH v1 in its standard IOS builds.

How serious about security is a vendor whose default administration mechanism still runs over a clear-text protocol like telnet? Cisco execs aren't stupid; they know security products are selling. But they should also know security is more than a feature, it's a philosophy.